RFR 8189131: Open-source the Oracle JDK Root Certificates
Rajan Halade
rajan.halade at oracle.com
Sat Dec 9 01:09:50 UTC 2017
On 12/8/17 8:15 PM, Volker Simonis wrote:
> OK, I've opened the RFR "JDK-8193255: Root Certificates should be
> stored in text format and assembled at build time" for this issue.
> I've also put some information about how the AdoptOpenJDK builds their
> cacerts JKS file from the Mozilla certdata.txt data into the JBS
> issue. I think we should do something similar in the OpenJDK at build
> time.
Thank you!
>
> By the way, how did you create the JKS file which will be contributed
> to the OpenJDK. I suppose Oracle gets all the contained certificates
> in a text format and assembles them internally into the binary cacerts
> file. So you must already have some tooling for doing this (although I
> understand that it may be not suitable for direct inclusion into the
> OpenJDK because of copyright/licensing issues).
I used keytool to import certificates in to keystore. The certificate
itself can be in DER or PEM format. PEM is a base64 encoded so we can
use it while working on [1].
You can use keytool if needed to export certificate from keystore and
then convert to PEM format.
Thanks,
Rajan
>
> Regards,
> Volker
>
> [1]https://bugs.openjdk.java.net/browse/JDK-8193255
More information about the security-dev
mailing list